gate# apt install haproxy
gate# cat wild.crt wild.key > /etc/ssl/private/wild.crtkey
gate# ###cat gowebd.crt gowebd.key > /etc/ssl/private/gowebd.crtkey
gate# ###cat keycloak.crt keycloak.key > /etc/ssl/private/keycloak.crtkey
gate# cat /etc/haproxy/haproxy.cfg
...
frontend ft-gate
mode http
bind *:80
redirect scheme https code 301 if !{ ssl_fc }
bind *:443 ssl crt /etc/ssl/private/wild.crtkey
# bind *:443 ssl crt /etc/ssl/private/gowebd.crtkey crt /etc/ssl/private/keycloak.crtkey
default_backend bk-kube-ingress
# use_backend bk-kube-ingress if { ssl_fc_sni keycloak.corp13.un }
# use_backend bk-node-ingress if { ssl_fc_sni gowebd.corp13.un }
option tcplog
backend bk-kube-ingress
# http-request set-header X-Forwarded-Proto https if { ssl_fc }
# http-request set-header X-Forwarded-Host %[req.hdr(Host)]
# http-request set-header X-Forwarded-Port %[dst_port]
## http-request add-header X-Real-Ip %[src] # Custom header with src IP
## option forwardfor # X-forwarded-for
## http-request set-uri https://%[req.hdr(Host)]%[path]?%[query] if { ssl_fc }
mode http
balance roundrobin
server kube1 kube1:80 check
server kube2 kube2:80 check
server kube3 kube3:80 check
#backend bk-node-ingress
# mode http
# balance roundrobin
# server node2 node2:80 check
# server node3 node3:80 check
# haproxy -f /etc/haproxy/haproxy.cfg -c
Configuration file is valid
# service haproxy restart
# tail -f /var/log/haproxy.log
# journalctl -f | grep proxy
# ###haproxy -f /etc/haproxy/haproxy.cfg -d
haproxy# curl https://localhost/ -H "Host: gowebd.corpX.un" -k